300-208 Premium Bundle

300-208 Premium Bundle

Implementing Cisco Secure Access Solutions (SISAS) Certification Exam

4.5 
(5100 ratings)
0 QuestionsPractice Tests
0 PDFPrint version
November 21, 2024Last update

Introducing The New!

Surepassexam Collection

Get Unlimited Access to all
Surepassexam's PREMIUM files

DOWNLOAD NOW
Download Quality. Itexamlabs.com Certified
  1. Home
  2. Cisco
  3. 300-208 Exam

Cisco 300-208 Free Practice Questions

Q1. Which three features should be enabled as best practices for MAB? (Choose three.) 

A. MD5 

B. IP source guard 

C. DHCP snooping 

D. storm control E. DAI 

F. URPF 

Answer: B,C,E 

Q2. Refer to the exhibit. 

You are configuring permissions for a new Cisco ISE standard authorization profile. If you configure the Tunnel-Private-Group-ID attribute as shown, what does the value 123 represent? 

A. the VLAN ID 

B. the VRF ID 

C. the tunnel ID 

D. the group ID 

Answer:

Q3. Which setting provides the best security for a WLAN and authenticates users against a centralized directory store? 

A. WPA2 AES-CCMP and 801.X authentication 

B. WPA2 AES-CCMP and PSK authentication 

C. WPA2 TKIP and PSK authentication 

D. WPA2 TKIP and 802.1X authentication 

Answer:

Q4. What is the first step that occurs when provisioning a wired device in a BYOD scenario? 

A. The smart hub detects that the physically connected endpoint requires configuration and must use MAB to authenticate. 

B. The URL redirects to the Cisco ISE Guest Provisioning portal. 

C. Cisco ISE authenticates the user and deploys the SPW package. 

D. The device user attempts to access a network URL. 

Answer:

Q5. Which statement about Cisco Management Frame Protection is true? 

A. It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point. 

B. It detects spoofed MAC addresses. 

C. It identifies potential RF jamming attacks. 

D. It protects against frame and device spoofing. 

Answer:

Q6. You are troubleshooting wired 802.1X authentications and see the following error: "Authentication failed: 22040 Wrong password or invalid shared secret." What should you inspect to determine the problem? 

A. RADIUS shared secret 

B. Active Directory shared secret 

C. Identity source sequence 

D. TACACS+ shared secret 

E. Certificate authentication profile 

Answer:

Q7. During client provisioning on a Mac OS X system, the client system fails to renew its IP address. Which change can you make to the agent profile to correct the problem? 

A. Enable the Agent IP Refresh feature. 

B. Enable the Enable VLAN Detect Without UI feature. 

C. Enable CRL checking. 

D. Edit the Discovery Host parameter to use an IP address instead of an FQDN. 

Answer:

Q8. Which two conditions are valid when configuring ISE for posturing? (Choose two.) 

A. Dictionary 

B. member Of 

C. Profile status 

D. File 

E. Service 

Answer: D,E 

Q9. What is a required step when you deploy dynamic VLAN and ACL assignments? 

A. Configure the VLAN assignment. 

B. Configure the ACL assignment. 

C. Configure Cisco IOS Software 802.1X authenticator authorization. 

D. Configure the Cisco IOS Software switch for ACL assignment. 

Answer:

Q10. Which three pieces of information can be found in an authentication detail report? (Choose three.) 

A. DHCP vendor ID 

B. user agent string 

C. the authorization rule matched by the endpoint 

D. the EAP method the endpoint is using 

E. the RADIUS username being used 

F. failed posture requirement 

Answer: C,D,E 

Q11. Which method does Cisco prefer to securely deploy guest wireless access in a BYOD implementation? 

A. deploying a dedicated Wireless LAN Controller in a DMZ 

B. configuring a guest SSID with WPA2 Enterprise authentication 

C. configuring guest wireless users to obtain DHCP centrally from the corporate DHCP server 

D. disabling guest SSID broadcasting 

Answer:

Q12. A properly configured Cisco ISE Policy Service node is not receiving any profile data from a Cisco switch that runs Device Sensor. 

Which option is the most likely reason for the failure? 

A. Syslog is configured for the Policy Administration Node. 

B. RADIUS Accounting is disabled. 

C. The SNMP community strings are mismatched. 

D. RADIUS Authentication is misconfigured. 

E. The connected endpoints support CDP but not DHCP. 

Answer:

Q13. Refer to the exhibit. 

Which three statements about the given configuration are true? (Choose three.) 

A. TACACS+ authentication configuration is complete. 

B. TACACS+ authentication configuration is incomplete. 

C. TACACS+ server hosts are configured correctly. 

D. TACACS+ server hosts are misconfigured. 

E. The TACACS+ server key is encrypted. 

F. The TACACS+ server key is unencrypted. 

Answer: B,C,F 

Q14. After an endpoint has completed authentication with MAB, a security violation is triggered because a different MAC address was detected. Which host mode must be active on the port? 

A. single-host mode 

B. multidomain authentication host mode 

C. multiauthentication host mode 

D. multihost mode 

Answer:

Q15. The NAC Agent v4.9.x uses which ports and protocols to communicate with an ISE Policy Service Node? 

A. tcp/8905, http/80, ftp/21 

B. tcp/8905, http/80, https/443 

C. udp/8905, telnet/23, https/443 

D. udp/8906, http/80, https/443 

Answer:

Q16. Which two identity store options allow you to authorize based on group membership? (Choose two). 

A. Lightweight Directory Access Protocol 

B. RSA SecurID server 

C. RADIUS 

D. Active Directory 

Answer: A,D 

Q17. Which type of remediation does Windows Server Update Services provide? 

A. automatic remediation 

B. administrator-initiated remediation 

C. redirect remediation 

D. central Web auth remediation 

Answer:

START 300-208 EXAM
© All pages Copyright to 2024 by itexamlabs.com. All rights reserved. testpreplab.com certstest.com